Successfully completed an App Bundle upgrade with an existing app. Here are the steps I took.
Within Google Play Console, click on "Create new release" as per usual and then click the "Opt-in" button.
Choose "Export and upload a key from Java keystore".
You can then follow the steps shown under this option, but just to be explicit this is what I did:
Download PEPK tool and run:
java -jar pepk.jar --keystore="C:\Users\bob_n\Documents\Basic4Android\bob.keystore" --alias=b4a --output=encrypted_private_key_path --encryptionkey=eb10fxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The keystore value is the contents of File in B4A's Tools->Private Sign Key dialog box.
The encryptionkey value is the value shown on the currently visible Google Play Console page.
On running the above pepk command, you will be asked for a password. Use the password from the Private Sign Key dialog.
Upload the resulting file "encrypted_private_key_path" by clicking the Google Play Console "Upload the upload key certificate".
I didn't do the optional step: "For increased security, create a new upload key (optional)".
You should now be able to upload aab files just as easily as apk files.